University of California: campus monitoring concerns raised
New system that has ability to monitor emails and use of computer networks on campus raises eyebrows
“Secret monitoring is ongoing.”
Those ominous words captured the attention of many faculty members at the University of California, Berkeley's College of Natural Resources when they received an email message from a colleague telling them that a new system to monitor computer networks had been secretly installed on all University of California campuses months ago, without letting any but a few people know about it.
“The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus, and has enough local storage to save over 30 days of *all* this data ('full packet capture'). This can be presumed to include your email, all the websites you visit, all the data you receive from off campus or data you send off campus,” said the email from Ethan Ligon, associate professor of agricultural and resource economics. He is one of six members of the Academic Senate-Administration Joint Committee on Campus Information Technology.
Ligon went on to say that UC system officials asked the members of the committee to keep this information to themselves. But, Ligon added, he and other tenured faculty members decided that “continued silence on our part would make us complicit in what we view as a serious violation of shared governance and a serious threat to the academic freedoms that the Berkeley campus has long cherished”.
The professor provided a copy of his email to Inside Higher Ed after The San Francisco Chroniclereported on the controversy over the new monitoring.
The university system is defending the new monitoring as necessary, and says that it is not routinely reviewing anyone's email. While some faculty leaders may yet be convinced about the need for the system, many are speaking out against the secretive way that it was deployed without going through standard faculty committees that in the past have had the chance to be briefed on technology security measures.
Rachael Nava, executive vice-president of the UC system, sent a letter to faculty leaders in January after some expressed concern about the new monitoring system.
Her letter does not provide many details on the new security system, but said that the changes were prompted by “a serious cyber attack” against the University of California, Los Angeles that involved the records of up to 4.5 million patients who used UCLA medical systems. After UCLA informed those patients, 17 lawsuits – all still pending – were filed against the university, Nava's letter said. She said that those lawsuits limited what the university could say about security at UCLA and elsewhere in the system.
But Nava noted that “a recent report from Verizon described educational institutions as experiencing ‘near-pervasive infections across the majority of underlying organizations’, and observed that educational institutions have, on average, more than twice the number of malware attacks than the financial and retail sectors combined”.
The letter went on to say that the university is working to improve computer security, is collaborating with faculty committees on how to do so and respects faculty members' privacy, but the vulnerability of university networks to cyberattacks is itself a danger to privacy. "Privacy perishes in the absence of security," she wrote.
The university's Electronic Communications Policy says that while it “establishes an expectation University of California: campus monitoring concerns raised | Times Higher Education (THE):
